Bad Rabbit Ransomware Wreaks Havoc

BadRabbit ransomware with links to Petya spreads across Eastern Europe

Internet users are being warned to look at Adobe Flash updates with a high degree of caution because they may contain ransomware that will freeze up your computer until a payment is made to the hackers. The WannaCry and then Petya ransomware outbreaks caused widespread chaos worldwide earlier this year, and have firmly shifted the terminology into the public psyche.

Kaspersky's Alex Perekalin writes, "According to our findings, the attack doesn't use exploits". Prominent targets include the Russian Interfax news agency as well as various Ukraine-based targets like the Kiev subway system, Odessa international airport, and the infrastructure ministry.

The Bad Rabbit attack hit Ukraine and the Russian Federation yesterday (24 October), causing flight delays at Ukraine's Odessa airport. Meanwhile, the Ukrainian computer emergency agency CERT-UA also posted an advisory on Tuesday morning reporting a series of cyberattacks, without specifically naming the malware used in those attacks.

The ransomware spreads through "drive-by attacks" where insecure websites are compromised, Wired reported.

It has been just four months since the "NotPetya" malware spread from two countries across the world.

Initial analysis by cyber experts suggests that Bad Rabbit could be a variant of NotPetya, a sophisticated ransomware that affected operations at global firms like Danish shipping company Maersk, Russian oil giant Rosneft, aircraft manufacturer Antonov, US pharmaceutical giant Merck as well as its subsidiary Merck Sharp & Dohme (MSD) in the UK.


Researcher Kevin Beaumont discovered that the author(s) appear to be fans of Game of Thrones; BadRabbit creates scheduled tasks named after Daenerys Targaryen's dragons, Drogon, Rhaegal and Viserion, as well as a reference to the Unsullied fighter Grey Worm (very different to the skin disease greyscale).

The Bad Rabbit ransomware message.

The attacker demands 0.05 Bitcoin, or $276 in US dollars, in exchange for the users' data. Also, once installed, the software doesn't use the famous EternalBlue exploit, believed to have been developed by the NSA before being stolen by a hacking group known as The Shadow Brokers, to spread within corporate networks. If your computer is already infected, the advice is to not pay the ransom.

"[Bad Rabbit] appears to have some similarities to [NotPetya] in that it is also based on Petya ransomware", Cisco experts explain in their report.

There are still no clues as to who might be behind the attack.

Kaspersky recommends that people do not pay the ransom and back up data - meaning if they are infected (by this or anything else), they can simply wipe and restore. Microsoft has provided some useful guidance that network administrators can follow to protect their organizations against Bad Rabbit. This is quickly becoming the new normal for the threat landscape: "Threats spreading quickly, for a short window, to inflict maximum damage".
